Published: 20/05/2019 Updated: 14/02/2024

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
elabftw elabftw 1.8.5

#!/usr/bin/env python # # Exploit Title : eLabFTW 185 'EntityController' Arbitrary File Upload / RCE # Date : 5/18/19 # Exploit Author : liquidsky (JMcPeters) # Vulnerable Software : eLabFTW 185 # Vendor Homepage : wwwelabftwnet/ # Version : 185 # Software Link : ...

eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE (CVE-2019-12185)

Exploit Title : eLabFTW 185 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky (Joseph McPeters) Vulnerable Software : eLabFTW 185 Vendor Homepage : wwwelabftwnet/ Version : 185 Software Link : docelabftwnet/ Tested On

CWE-434 https://github.com/fuzzlove/eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE http://incidentsecurity.com/elabftw-1-8-5-entitycontroller-arbitrary-file-upload-rce/https://nvd.nist.gov https://github.com/fuzzlove/eLabFTW-1.8.5-EntityController-Arbitrary-File-Upload-RCE https://www.exploit-db.com/exploits/46869

CVE-2019-12185

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect